Week 5: Application Security
Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of testing for categories of previously determined errors. The different categories of errors are:
buffer overflows (most common);
privilege errors; and
Please evaluate the software engineering, secure-code techniques, and the most important rule that relates to defending against a denial-of-service attack. Here are two types of error categories: the failure to include desired functionality and the inclusion of undesired behavior in the code. Testing for the first type of error is relatively easy.
Other items we should understand for error opportunities in applications are related to design, coding, and testing. How do we assure that these items are addressed in our software-application development or acquisition?